Dave Bittner
You're listening to the CyberWire Network, powered by N2K.

We've all been there. You realize your business needs to hire someone yesterday. How can you find amazing candidates fast? Well, it's easy. Just use Indeed. When it comes to hiring, Indeed is all you need. Stop struggling to get your job post noticed. Indeed Sponsored Jobs helps you stand out and hire fast. Your post jumps to the top of search results so the right candidates see it first, and it works. Sponsored Jobs on Indeed get 45% more applications than non-sponsored ones. One of the things I love about Indeed is how fast it makes hiring. And yes, we do actually use Indeed for hiring here at N2K CyberWire. Many of my colleagues here came to us through Indeed. Plus, with Sponsored Jobs, there are no subscriptions, no long-term contracts. You only pay for results. How fast is Indeed? Oh, in the minute or so that I've been talking to you, 23 hires were made on Indeed, according to Indeed data worldwide. There's no need to wait any longer. Speed up your hiring right now with Indeed, and listeners to this show will get a $75 Sponsored Job credit to get your jobs more visibility at indeed.com/cyberwire. Just go to indeed.com/cyberwire right now and support our show by saying you heard about Indeed on this podcast. Indeed.com/cyberwire. Terms and conditions apply. Hiring? Indeed is all you need.

PHP exploits are active in the wild. Security researchers discover undocumented commands in a popular Wi-Fi and Bluetooth enabled microcontroller. The ONCD could gain influence in this second Trump administration. The Akira ransomware gang leverages an unsecured webcam. Mission, Texas declares a state of emergency following a cyber attack. The FBI and Secret Service confirm crypto heists are linked to the 2022 LastPass breach. A popular home appliance manufacturer suffers a cyber attack. Switzerland updates reporting requirements for critical infrastructure operators.
Our guest is Errol Weiss, Chief Security Officer at the Health ISAC, who warns the cavalry isn't coming and why the private sector must take the lead in critical infrastructure cybersecurity. And a termination kill switch leads to potential jail time.

March 10, 2025. I'm Dave Bittner, and this is your CyberWire Intel Briefing.

Happy Monday, everyone. It is great to be back from a restful family vacation. Thanks to Maria Varmazis for filling in on the mic for me, and to our entire production team for making it possible for me to be away without skipping a beat.

Threat actors are actively exploiting a critical PHP vulnerability to execute remote code on Windows servers running Apache and PHP CGI with specific code page settings. The flaw arises from PHP's failure to handle Unicode best-fit conversion properly, allowing attackers to manipulate character sequences into PHP options. The vulnerability was publicly disclosed in June of last year, with ransomware groups launching attacks within days. Cisco later reported targeted attacks on Japanese organizations across multiple sectors using Cobalt Strike-based tools for persistence and privilege escalation. Now GreyNoise warns that exploitation has gone global, with spikes in the US, UK, Singapore, India and others. In January of this year alone, over 1,000 unique IPs attempted attacks. Germany and China account for over 43% of malicious IPs. All PHP versions on Windows are affected, but fixes have been released and users should update immediately to mitigate risks.

Security researchers have discovered undocumented commands in the ESP32 microchip, a popular Wi-Fi and Bluetooth enabled microcontroller used in over 1 billion devices. These hidden commands, found by Tarlogic Security, could allow attackers to spoof trusted devices, access unauthorized data, pivot to other devices and establish long-term persistence.
The issue stems from 29 vendor-specific Bluetooth commands that enable memory manipulation, MAC address spoofing and packet injection. These could be exploited for malicious firmware, supply chain attacks or advanced Bluetooth-based threats. Espressif, the chip's manufacturer, has not publicly documented these commands, leaving questions about whether they were intentional or an oversight. While remote exploitation is possible, physical access poses a greater risk. Researchers warn that compromised ESP32 chips could serve as a launchpad for persistent cyber attacks on IoT devices, mobile phones and even medical equipment. Espressif has yet to comment.

The Office of the National Cyber Director is expected to gain significant influence in a second Trump administration, fulfilling the leadership role Congress envisioned when it was created in 2021. Sean Cairncross, a Trump loyalist with no cybersecurity background, is expected to lead the office, bringing strong political ties that could enhance its authority over cyber policy across the executive branch. Experts say ONCD will take a central role, guiding both offensive cyber efforts and domestic defense. The NSC's cyber team, now focused on offensive cyber operations, will complement ONCD's leadership in cyber crisis management. Analysts predict deregulation will be a key ONCD initiative. With reduced cyber staffing at NSC and no Anne Neuberger-like figure, ONCD may finally become the executive branch's primary cyber authority, a role it struggled to achieve under Biden's administration.

The Akira ransomware gang leveraged an unsecured webcam to encrypt a victim's network, bypassing Endpoint Detection and Response, which had blocked their Windows encryptor. Cybersecurity firm S-RM discovered this unconventional method during an incident response. Akira initially gained access through an exposed remote access solution, likely via stolen credentials or brute force attacks.
They installed AnyDesk, stole data for double extortion, and used Remote Desktop Protocol to spread before deploying ransomware. When EDR blocked their payload, they scanned for alternative attack vectors and found a vulnerable Linux-based webcam. Since the webcam lacked EDR protection, they used it to mount Windows SMB network shares and launch their Linux encryptor, successfully encrypting network files. This attack highlights the security risks of IoT devices, emphasizing the need for network segmentation, regular firmware updates, and stronger monitoring of non-traditional endpoints to prevent exploitation.

The city of Mission, Texas declared a state of emergency after a cyberattack exposed all city government data and forced systems offline. Officials assured that emergency services remained operational, but reports suggest police lost access to state databases for license and ID checks. Mayor Nori Gonzalez Garza urged Governor Greg Abbott to declare a statewide emergency to unlock disaster funds. The attack, which began Feb. 28, is under law enforcement investigation. Texas cities have faced multiple ransomware attacks in recent months, disrupting hospitals, utilities and local governments. Mission joins Matagorda County, McKinney, Coppell and Richardson in suffering cyber incidents.

KrebsOnSecurity first reported in September 2023 that a wave of high-value crypto heists stemmed from the 2022 LastPass breach. Now US federal investigators confirm that a $150 million cyber heist in January of 2024 targeting Ripple co-founder Chris Larsen was executed using stolen LastPass master passwords. The FBI and Secret Service support Krebs' findings, stating attackers cracked poorly secured vaults to steal victims' cryptocurrency seed phrases stored in LastPass Secure Notes. $24 million in stolen funds have been seized, but thefts continue globally despite mounting evidence. LastPass denies definitive links to the thefts.
Experts criticized LastPass for failing to warn users and enforce better security. Cybersecurity experts stress that these attacks could have been prevented, and new thefts show the threat remains active more than two years after the breach.

National Presto Industries, maker of popular home appliances like air fryers, reported a cyber attack disrupting shipping, manufacturing and back office functions since March 1st. The Wisconsin-based company disclosed the incident in an SEC filing, stating it is working to restore operations and has notified law enforcement. The attack's impact on Presto's military contracting division is unclear. Forensic analysis is ongoing and no cybercriminal group has claimed responsibility. The company warned that the breach could affect its financial performance, but has implemented temporary measures to maintain critical functions.

Starting April 1, Switzerland will require critical infrastructure operators to report cyber attacks to the National Cyber Security Centre within 24 hours. This mandate, part of an amendment to the Information Security Act, applies to energy, water, transport and government entities. If an attack disrupts operations, leaks data or involves blackmail, reports must be completed within 14 days and fines may apply for non-compliance. A grace period lasts until October 1. Similar laws exist worldwide, including in the US, UK, EU and Australia.

Coming up after the break, Errol Weiss from the Health ISAC warns that the cavalry isn't coming, and a termination kill switch leads to potential jail time. Stay with us.

Cyber threats are more sophisticated than ever. Passwords? They're outdated and can be cracked in a minute. Cybercriminals are intercepting SMS codes and bypassing authentication apps. While businesses invest in network security, they often overlook the front door: the login. Yubico believes the future is passwordless.
YubiKeys offer unparalleled protection against phishing for individuals, SMBs and enterprises. They deliver a fast, frictionless experience that users love. Yubico is offering N2K followers a limited buy one, get one offer. Visit yubico.com/N2K to unlock this deal. That's Yubico. Say no to modern cyber threats. Upgrade your security today.

Do you know the status of your compliance controls right now? Like, right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this: more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com/cyber. That's vanta.com/cyber for $1,000 off.

Errol Weiss is Chief Security Officer at the Health ISAC. I recently sat down with him to discuss why the cavalry is not coming and why the private sector must take the lead in critical infrastructure cybersecurity.
Errol Weiss
Ten years after 9/11, the then New York Police Department Commissioner Ray Kelly was doing an interview with 60 Minutes. They had posed a question to him, basically asking, you know, how could you spend billions of dollars to protect New York City? And they were showcasing all of the efforts that New York City had gone through post-9/11 to protect the city, including building up a threat intelligence capability with New York police staff deployed globally, collecting intelligence in all parts of the world. I mean, just amazing. And just thinking about the money that they were spending to do that. When the reporter asked Ray Kelly, why did you do that? His answer was, basically, I'm not relying on the federal government to protect me. I've got to do this myself. And that really struck a chord with me back in 2011, even after, again, I've been a part of this ISAC world for quite some time, going back to 1999 and the Financial Services ISAC, and really seeing the onus put on the private sector back in the mid-1990s, through some of the history with the federal government in terms of protecting critical infrastructure. And I think really that quote from Ray Kelly just cemented it for me then, just realizing that we cannot rely on the federal government. And especially as administrations change, and of course, we've seen everything that's happened already this year, we need to take proactive measures to protect critical infrastructure. And we can look back at some of the original reporting that was done in the mid-1990s, this Presidential Commission on Critical Infrastructure, where they realized that much of the critical infrastructure was owned and operated by the private sector. And so that we needed to encourage the private sector to do something to protect it.
Dave Bittner
So what is the background and history of why this is so? I mean, why do we find ourselves with this situation where the private sector is primarily responsible for this, and is it this way around the world?
Errol Weiss
I don't necessarily think it's that way around the world, but again, I will, you know, I'll go back to the mid-1990s when, you know, the Internet was just starting to become a thing. E-commerce was starting to explode. Banks were starting to be online and providing services online to their customers. And this again is the exact same timing when this Presidential Commission report on Critical Infrastructure Protection happened. And then we see that report coming out in 1997. And then the next year was this thing called Presidential Decision Directive 63, 1998. It encouraged the private sector to create these things called ISACs, Information Sharing Analysis Centers. And the whole idea was to encourage each critical infrastructure to create a forum where members or companies inside that sector, inside each of those critical infrastructures, could work with each other to share information, work to make sure that they were sharing, collaborating with each other when it came to new threats, new vulnerabilities, and helping each other stay safe online.
Dave Bittner
Well, as the Chief Security Officer for the Health ISAC, let me ask you, how's it going?
Errol Weiss
So here we are like 30 years later, almost 30 years later now, and how is it going? Well, we've made a lot of strides since the beginning. I remember the early days of the Financial Services ISAC. It's sort of that classic comedic scene where you've turned the service on and you're sitting back and waiting for all the action to happen, and then nothing happens. So how do you get people to start to contribute, collaborate with each other? And there's been a lot of growing pains, a lot of lessons learned, some advances in terms of defining a way for people to protect the information that's being shared with them. And so a few years after the invention of the ISACs came along this thing called Traffic Light Protocol. And it became an easy way for people to understand what could they do with the information that's being shared with them? Do I have to keep it within my own company? Can I tell anybody else? Can I share it publicly? And so that Traffic Light Protocol helps with all of that. And that was one of the reasons why we started to see a sudden explosion in the amount of information that was being shared. And then automation, when things like STIX and TAXII, the underlying protocols about how to automatically share threat indicators with each other, that also helped contribute to the automated sharing. And ultimately I would say it's still personality driven, it's still driven by people who understand, who get the benefits of information sharing. The fact that they can not only help protect their company, but that they can also get something personally out of it. Learn, understand the technology better, understand the vulnerabilities better and benefit at a personal level by learning new capability, new threats, new ways to protect their company, and benefit just from a professional development standpoint.
Dave Bittner
With your role at the Health ISAC, how do you and your colleagues measure success?
Errol Weiss
Well, we're very metrics driven, right. So we're constantly looking at the number of indicators that are shared, the number of members that are sharing multi-way. So it's not just that we're broadcasting out all the time, that people are contributing back, the growth in the organization, the benefits that members are getting from us. You know, it's tough to measure, right? It's tough to measure what you've prevented from happening, right. So it's definitely a challenge when it comes to showing positive KPIs, for example, and I think a lot of the ways, one of the reasons why ISACs are growing and gaining in popularity is that people can understand the non-tangible benefits that they get out of it. There's this conventional wisdom that says, gee, from all the information that I've gleaned from this, the crowdsourcing of information, the better access to understand new threats, new vulnerabilities, or even understanding what the best practices are in the industry today, by learning all of that from my peers and being able to quickly gather all that and implement that in your own environment, I think people understand there's some tangible value that they're getting out of it. It's hard to put a number on it, but I think they understand there's value.
Dave Bittner
As you look towards the future, what are some of the aspirational goals that you have for the organization, and where do you see ISACs going?
Errol Weiss
Yeah, I think some of the challenges that we have is that there's still a perception that the ISACs are a US thing, or even, I'll say worse yet, an extension of the US government. I mean, we're not. Most of the ISACs are nonprofit organizations that are funded entirely by member organization fees and other revenue and not reliant on the federal government. And I think especially this year, it becomes even more important to understand that because of budget cuts and staff cuts that are happening, we're not impacted by that. We're still providing services to our members, despite what we see happening in the administration here today. And I think the challenge that we see internationally is that we also see other sovereign nations wanting to set up their own ISACs. And I think it's commendable to see activity like that, to be able to replicate that model. But I think it's a disservice to the sectors individually because cyber threats, they don't respect international borders. Right. And so if we're seeing something happening here in the US, for example, it's probably happening in Europe, it's probably happening in Asia Pacific as well, Australia, et cetera. They're seeing the same cyber threats that we are. And we need to be able to quickly broadcast that information and share it across the globe without having to have these manual steps to share it from one ISAC to another, for example. So I think sort of my goals would be to have better cross-border international information sharing and collaboration happening on a global basis. I mean, Health ISAC, we've got members in 140 countries around the world, but it could always be better. And I think that if we're able to encourage those country ISACs that are being set up to be able to connect with the infrastructure ISACs in a much smoother, transitional, transparent way, that would be a better service, ultimately, for the members that they're trying to serve.
Dave Bittner
You know, you brought up a really interesting point, which is that, you know, we're seeing a lot of transition and I think some would say even chaos in Washington, D.C. right now. And it's challenging for a lot of folks in a lot of different positions. But as you look at the partnerships that organizations have with the federal government, it seems to me like this informs. Is it safe to say that organizations like the Health ISAC, they welcome participation and partnership with federal government organizations? But it seems to me like things like this reinforce the fact that you can't always rely on them. You need to have your own autonomy because you never know what's around the next corner.
Errol Weiss
Yeah, that's exactly right and really well said. I mean, I think in so many ways, the ISACs were established as this apolitical trusted resource. So the ISACs have been set up as this apolitical trusted resource that's created, operated, funded by the private sector and not necessarily subject to the whims of one administration to the next. And it's really, it's so important to be able to maintain some of that consistency, especially in times like this that we see today where, you know, to your point, Health ISAC, we work very closely with Health and Human Services, HHS, and CISA, for example, and who knows what's happening in this environment right now where we've even heard that, you know, they can't talk to us, they can't attend meetings that they normally would have attended in the past. And so we're kind of waiting to see what happens, see what those next steps are. So I think there's going to be a bit of a loss there when it comes to some of the collaboration and sharing that's happening between public and private sector. But safe to say things like Health ISAC and the other ISACs will continue to operate as we normally do, just with some of the less participation from our federal partners, unfortunately, at this time.
Dave Bittner
All right, well, Errol, I think I have everything I need for our story here. Is there anything I missed? Anything I haven't asked you that you think it's important to share?
Errol Weiss
Yeah, I think just the last thing I would point out again. And it just happens to do with sort of that international sharing that I mentioned before, and I worry that because of what's happening in the administration right now, that our foreign partners, foreign nations, are sort of losing trust in the US, based on what's been happening and some of the posturing that's been happening early in this administration, and I think ultimately it may even impact what's happening in the cybersecurity information sharing world, that nations outside the US may be less inclined to participate in some of these ISACs because of the lack of trust or the lack of assurance that we're going to continue to work together in a very cooperative fashion as we've done in the past. So I'm a bit concerned about that. But I will continue to beat the drum that we are still here operating business as usual and looking for partners where we can partner internationally to help our members globally.
Dave Bittner
That's Errol Weiss, Chief Security Officer at the Health ISAC.

Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try DeleteMe. I have to say, DeleteMe is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. DeleteMe's team does all the work for you, with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for DeleteMe now at a special discount for our listeners. Today, get 20% off your DeleteMe plan when you go to JoinDeleteMe.com/N2K and use promo code N2K at checkout. The only way to get 20% off is to go to JoinDeleteMe.com/N2K and enter code N2K at checkout. That's JoinDeleteMe.com/N2K, code N2K.

And finally, the story of Davis Lu, a 55-year-old software developer who took rage quitting to a whole new level. After working for Eaton Corporation for 12 years, Lu was demoted in 2019. Apparently, instead of updating his resume like the rest of us, he wrote a Java-based malware program to grind his employer's systems to a halt. His masterpiece: an infinite loop that kept spawning threads until the system collapsed. But he didn't stop there. Lu also coded a kill switch charmingly named IsDLEnabledinAD, presumably "Is Davis Lu enabled in Active Directory," which locked thousands of employees out of their accounts if he was ever fired. And he was. The feds weren't amused. After failing to delete evidence and admitting guilt in an interview, Lu still pleaded not guilty. He lost. Now he faces up to 10 years in prison, proving that revenge is best served not at all.

And that's the CyberWire. We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Tre Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.

And now a message from our sponsor, Zscaler, the leader in cloud security. Enterprises have spent billions of dollars on firewalls and VPNs, yet breaches continue to rise, with an 18% year-over-year increase in ransomware attacks and a $75 million record payout in 2024. These traditional security tools expand your attack surface with public-facing IPs that are exploited by bad actors more easily than ever with AI tools. It's time to rethink your security. Zscaler Zero Trust AI stops attackers by hiding your attack surface, making apps and IPs invisible; eliminating lateral movement, connecting users only to specific apps, not the entire network; continuously verifying every request based on identity and context; simplifying security management with AI-powered automation; and detecting threats using AI to analyze over 500 billion daily transactions. Hackers can't attack what they can't see. Protect your organization with Zscaler Zero Trust and AI. Learn more at zscaler.com/security.
CyberWire Daily: PHP Flaw Sparks Global Attack Wave
Published on March 10, 2025 by N2K Networks
In the March 10, 2025 episode of CyberWire Daily, hosted by Dave Bittner and powered by N2K Networks, the show covers a series of critical cybersecurity incidents and developments shaping the global landscape. The episode provides an in-depth analysis of a recently exploited PHP vulnerability, emerging threats in microcontroller security, the evolving role of the Office of the National Cyber Director (ONCD), and significant ransomware attacks affecting various sectors. Additionally, the episode features an interview with Errol Weiss, Chief Security Officer at the Health Information Sharing and Analysis Center (Health ISAC), who discusses the pressing need for private sector leadership in safeguarding critical infrastructure.
Timestamp: [02:00]
A critical PHP vulnerability has been actively exploited worldwide, allowing threat actors to execute remote code on Windows servers running Apache and PHP CGI with specific code page settings. The flaw, stemming from PHP's improper handling of Unicode best fit conversion, enables attackers to manipulate character sequences into PHP options. Disclosed publicly in June 2024, ransomware groups capitalized on this vulnerability within days of its revelation.
Notable Quote:
"Threat actors are actively exploiting a critical PHP vulnerability to execute remote code on Windows servers," — CyberWire Daily, [02:00]
Cisco reported targeted attacks on Japanese organizations across multiple sectors using Cobalt Strike-based tools for persistence and privilege escalation. GreyNoise further highlighted the global surge in exploitation attempts, with spikes in the US, UK, Singapore, and India, and with Germany and China accounting for over 43% of malicious IPs. Users are urged to update their PHP versions immediately to mitigate these risks.
Timestamp: [05:30]
Security researchers at Tarlogic Security uncovered undocumented commands in the ESP32 microcontroller, a prevalent component in over a billion Wi-Fi and Bluetooth-enabled devices. These hidden commands could enable attackers to spoof trusted devices, access unauthorized data, pivot to other devices, and establish long-term persistence. The vulnerability arises from 29 vendor-specific Bluetooth commands facilitating memory manipulation, MAC address spoofing, and packet injection.
Notable Quote:
"These hidden commands found by Tarlogic Security could allow attackers to spoof trusted devices and establish long-term persistence," — CyberWire Daily, [05:30]
Espressif, the manufacturer of the ESP32, has not yet documented these commands publicly, raising concerns about whether they were intentional or an oversight. While remote exploitation remains a possibility, physical access poses a greater threat. Compromised ESP32 chips could become launchpads for persistent cyberattacks on IoT devices, mobile phones, and medical equipment.
Timestamp: [08:15]
The Office of the National Cyber Director (ONCD) is anticipated to gain substantial authority under the second Trump administration. Sean Cairncross, a Trump loyalist lacking a cybersecurity background, is expected to helm the ONCD, bringing robust political connections that may enhance its oversight of cyber policy across the executive branch. Experts suggest that ONCD will play a pivotal role in guiding both offensive cyber initiatives and domestic defense strategies.
Notable Quote:
"ONCD may finally become the executive branch's primary cyber authority, a role it struggled to achieve under Biden's administration," — CyberWire Daily, [08:15]
The integration of ONCD with the National Security Council's (NSC) cyber team is projected to bolster cyber crisis management. Analysts predict that deregulation will feature prominently in ONCD's agenda, especially given the reduced cyber staffing at the NSC and the absence of a figure like Anne Neuberger.
Timestamp: [10:45]
The Akira ransomware group has employed a novel attack vector by leveraging an unsecured Linux-based webcam to infiltrate and encrypt victim networks. After initial access through an exposed remote access solution, likely via stolen credentials or brute force attacks, Akira installed AnyDesk, exfiltrated data for double extortion, and utilized Remote Desktop Protocol (RDP) to propagate. When their Windows encryptor was blocked by Endpoint Detection and Response (EDR) systems, they pivoted to exploiting a vulnerable webcam, which lacked EDR protection, to access Windows SMB network shares and deploy their Linux encryptor successfully.
Notable Quote:
"This attack highlights the security risks of IoT devices, emphasizing the need for network segmentation and regular firmware updates," — CyberWire Daily, [10:45]
This incident underscores the imperative for robust security measures on IoT devices, including network segmentation, consistent firmware updates, and enhanced monitoring of non-traditional endpoints to prevent such exploitations.
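As an added example (not code from the episode or from S-RM), here is the kind of check that "monitoring of non-traditional endpoints" implies in practice: a Python detector that reads flow records and flags any device in the IoT segment opening an SMB session, which is exactly what the compromised webcam did, and that raises a fan-out alert when one such device walks several file servers the way an encryptor mounting shares does. The flow-log format, the 10.20.0.0/24 IoT range and the alert threshold are constructed assumptions.

```python
"""Flag SMB sessions that originate from the IoT network segment.

Illustrative detector, not the episode's or S-RM's code. The log format and
the network ranges below are constructed for the example.
"""
import ipaddress
from dataclasses import dataclass

# Assumed segment layout: cameras and other IoT gear live in 10.20.0.0/24.
IOT_SEGMENT = ipaddress.ip_network("10.20.0.0/24")
SMB_PORTS = {139, 445}      # NetBIOS session service and direct-hosted SMB
FAN_OUT_THRESHOLD = 2       # one IoT host reaching 2+ SMB servers is an alert


@dataclass(frozen=True)
class Flow:
    ts: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int
    proto: str


def parse_flow(line: str) -> Flow:
    """Parse one constructed flow record: '<ts> <src>:<sport> -> <dst>:<dport> <proto>'."""
    ts, src, arrow, dst, proto = line.split()
    if arrow != "->":
        raise ValueError(f"unexpected flow record: {line!r}")
    src_ip, _sport = src.rsplit(":", 1)
    dst_ip, dport = dst.rsplit(":", 1)
    return Flow(ts, ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip),
                int(dport), proto.lower())


def is_iot_smb(flow: Flow) -> bool:
    """True when a device in the IoT segment opens an SMB session to any host."""
    return flow.src in IOT_SEGMENT and flow.proto == "tcp" and flow.dport in SMB_PORTS


def find_iot_smb_sessions(lines):
    """Return the flows that violate the 'IoT never speaks SMB' expectation."""
    flows = (parse_flow(line) for line in lines if line.strip())
    return [flow for flow in flows if is_iot_smb(flow)]


def smb_fan_out(flows):
    """Map each offending source to the set of SMB servers it touched.

    An encryptor mounting share after share shows up as one source with a
    growing set of destinations; a single misconfigured device usually does not.
    """
    seen = {}
    for flow in flows:
        seen.setdefault(str(flow.src), set()).add(str(flow.dst))
    return seen


def sources_over_threshold(flows, threshold=FAN_OUT_THRESHOLD):
    """Sources whose SMB fan-out meets the alert threshold, sorted for stable output."""
    return sorted(src for src, dsts in smb_fan_out(flows).items() if len(dsts) >= threshold)


# Constructed sample flow log: one IoT camera (10.20.0.17) walking file servers,
# a workstation doing ordinary SMB, and the camera's legitimate HTTPS traffic.
SAMPLE_LOG = """\
2025-03-05T02:11:04Z 10.20.0.17:49211 -> 10.0.10.5:445 tcp
2025-03-05T02:11:05Z 10.20.0.17:49212 -> 10.0.10.6:445 tcp
2025-03-05T02:11:09Z 10.0.20.31:51000 -> 10.0.10.5:445 tcp
2025-03-05T02:11:10Z 10.20.0.17:49213 -> 203.0.113.8:443 tcp
2025-03-05T02:11:12Z 10.20.0.17:49214 -> 10.0.10.7:139 tcp
"""

if __name__ == "__main__":
    hits = find_iot_smb_sessions(SAMPLE_LOG.splitlines())
    for flow in hits:
        print(f"{flow.ts} IoT host {flow.src} -> SMB on {flow.dst}:{flow.dport}")
    print("fan-out alert:", sources_over_threshold(hits))
```

On the sample log the workstation's SMB session and the camera's HTTPS traffic pass, while the three camera-to-server SMB flows are flagged and the camera trips the fan-out alert; in a segmented network the same flows should also be denied at the IoT VLAN boundary, so a hit here points at both a compromised device and a segmentation gap.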
Timestamp: [13:20]
The city of Mission, Texas, has declared a state of emergency following a cyberattack that compromised all city government data and rendered systems offline. Emergency services remain operational; however, police have reportedly lost access to state databases required for license and ID verifications. Mayor Nori Gonzalez Garza has appealed to Governor Greg Abbott to declare a statewide emergency to unlock disaster funds. This attack is part of a series of ransomware incidents in Texas affecting municipalities like Matagorda County, McKinney, Coppell, and Richardson, disrupting hospitals, utilities, and local governments.
Notable Quote:
"The attack, which began on Feb. 28, is under law enforcement investigation," — CyberWire Daily, [13:20]
Timestamp: [16:00]
Following the 2022 LastPass breach, US federal investigators have confirmed a $150 million cyber heist in January 2024 targeting Ripple co-founder Chris Larsen, executed using stolen LastPass master passwords. The FBI and Secret Service corroborate KrebsOnSecurity's findings that attackers exploited poorly secured vaults to steal cryptocurrency seed phrases stored in LastPass Secure Notes. Despite seizing $24 million of the stolen funds, global thefts persist, raising concerns over LastPass's inability to adequately warn users and enforce stronger security measures.
Notable Quote:
"These attacks could have been prevented, and new thefts show the threat remains active more than two years after the breach," — CyberWire Daily, [16:00]
Timestamp: [18:50]
Presto Industries, renowned for its popular home appliances such as air fryers, reported a cyberattack disrupting its shipping, manufacturing, and back-office operations since March 1st. The Wisconsin-based company disclosed the breach in an SEC filing, indicating ongoing forensic analysis and cooperation with law enforcement. While the full impact on Presto's military contracting division remains unclear, the company has implemented temporary measures to maintain critical functions. No cybercriminal group has claimed responsibility for the attack thus far.
Notable Quote:
"The attack's impact on Presto's military contracting division is unclear," — CyberWire Daily, [18:50]
Timestamp: [20:30]
Effective April 1, Switzerland mandates that critical infrastructure operators—including energy, water, transport, and government entities—report cyberattacks to the National CyberSecurity Center within 24 hours. For attacks disrupting operations, leaking data, or involving blackmail, reports are required within 14 days, with penalties for non-compliance. This regulation forms part of an amendment to the Information Security Act, with a grace period extending until October 1. Similar reporting laws are already in place in regions such as the US, UK, EU, and Australia.
Notable Quote:
"These regulations are part of a global trend towards more stringent cyberattack reporting standards," — CyberWire Daily, [20:30]
Guest: Errol Weiss, Chief Security Officer at Health ISAC
Timestamp: [14:42] to [27:42]
Errol Weiss begins by reflecting on a pivotal moment from 2011, inspired by New York Police Department Commissioner Ray Kelly's assertion that reliance on the federal government for security is insufficient. This philosophy underscores the foundational belief within the ISAC community that the private sector must take the lead in protecting critical infrastructure.
Notable Quote:
"We cannot rely on the federal government," — Errol Weiss, [14:42]
Weiss traces the origins of Information Sharing and Analysis Centers (ISACs) back to the mid-1990s, coinciding with the burgeoning internet and e-commerce sectors. The 1997 Presidential Commission on Critical Infrastructure Protection and the subsequent 1998 Presidential Decision Directive 63 established the framework for ISACs, promoting information sharing among private sector entities to bolster collective cybersecurity defenses.
Notable Quote:
"ISACs encourage each critical infrastructure sector to share information and collaborate on new threats," — Errol Weiss, [16:47]
Success for Health ISAC is assessed through metrics such as the volume of shared indicators, member engagement levels, and the overall growth of the organization. While tangible metrics like prevented breaches are challenging to quantify, Weiss emphasizes the invaluable non-tangible benefits, including enhanced threat awareness and professional development for members.
Notable Quote:
"It's hard to put a number on it, but I think they understand there's value," — Errol Weiss, [20:16]
Looking ahead, Weiss envisions a more integrated global approach to information sharing, transcending national borders to address the inherently borderless nature of cyber threats. Health ISAC, with members in 140 countries, aims to facilitate seamless international collaboration, enabling rapid dissemination of threat intelligence across diverse regions.
Notable Quote:
"If we're able to encourage country ISACs to connect smoothly, it would better serve their members," — Errol Weiss, [21:51]
Weiss highlights the challenges posed by political shifts and reduced federal participation in ISAC activities. Despite close collaborations with agencies like Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA), current administrative changes have led to diminished interaction. Nevertheless, ISACs remain committed to maintaining their role as apolitical, private sector-driven entities, ensuring continuity in information sharing and cybersecurity efforts.
Notable Quote:
"ISACs were established as apolitical trusted resources, independent of federal administration changes," — Errol Weiss, [25:01]
Weiss expresses apprehension regarding the potential erosion of international trust in U.S.-led information sharing initiatives amidst current administrative dynamics. He underscores the importance of sustaining global partnerships to enhance collective cybersecurity resilience, advocating for continued collaboration despite geopolitical tensions.
Notable Quote:
"Foreign nations may be less inclined to participate in ISACs due to a lack of trust," — Errol Weiss, [26:31]
The March 10 episode of CyberWire Daily underscores the escalating cyber threats emanating from exploited vulnerabilities in widely used technologies like PHP and ESP32 microcontrollers. The nuanced discussion on the ONCD's expanding role and the innovative tactics of ransomware groups like Akira highlight the dynamic nature of cyber warfare. Furthermore, the interview with Errol Weiss illuminates the critical role of private sector collaboration in fortifying global cybersecurity defenses. As cyber threats continue to evolve, the imperative for comprehensive information sharing, proactive vulnerability management, and resilient infrastructure becomes increasingly paramount.
Listeners are encouraged to stay informed and proactive in their cybersecurity measures, leveraging insights from industry leaders to navigate the complex and ever-changing digital threat landscape.
For more detailed analysis and updates, subscribe to CyberWire Daily through your preferred podcast platform.